SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-05-27T22:00:00
Updated: 2024-08-07T02:17:14.490Z
Reserved: 2010-05-27T00:00:00
Link: CVE-2010-2092
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-05-27T22:30:01.467
Modified: 2012-02-16T04:04:09.927
Link: CVE-2010-2092
Redhat